Tags
0-day, Application Exploit, browser, Computer Science, Computer Security, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat
Computer & Web Vulnerabilities
Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities
Exploit Title: Feed2JS v1.7 magpie_debug.php? &url parameter XSS Security Vulnerabilities
Product: Feed2JS
Vendor: feed2js.org
Vulnerable Versions: v1.7
Tested Version: v1.7
Advisory Publication: May 09, 2015
Latest Update: May 09, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Proposition Details:
(1) Vendor & Product Description:
Vendor:
feed2js.org
Product & Vulnerable Versions:
Feed2JS
v1.7
Vendor URL & Download:
Feed2JS can be downloaded from here,
https://feed2js.org/index.php?s=download
Source code:
http://www.gnu.org/licenses/gpl.html
Product Introduction Overview:
“What is “Feed to JavaScript? An RSS Feed is a dynamically generated summary (in XML format) of information or news published on other web sites- so when the published RSS changes, your web…
View original post 431 more words